Java Security Testing Engineer

Job Description

Location: Charlotte, NC Salary: $69.00 USD Hourly - $74.00 USD Hourly

Description: Threat Detection Engineer (Contingent Resource) Locations: Charlotte, NC | Chandler, AZ | Minneapolis, MN | Dallas (Las Colinas), TX Conversion: Yes

About the Role In this role, you will serve as a senior contributor within the Information Security Engineering function, supporting large-scale, highly complex initiatives. You will analyze and solve multifaceted security challenges, design and mature detection capabilities, and consult with cross-functional partners to strengthen the organization's security posture. You will leverage deep expertise in threat detection engineering, cloud and on-premise telemetry, and attacker tradecraft to build high-fidelity detections and guide the full detection lifecycle-from requirements to decommissioning.

Responsibilities

- Lead and contribute to complex Information Security Engineering initiatives with broad organizational impact.

- Review, analyze, and solve advanced security challenges involving multi-cloud, multi-tenant, or global-scale environments.

- Design, implement, tune, and maintain high-quality threat detections across SIEM, EDR/XDR, and cloud platforms.

- Map detections to MITRE ATT&CK, identify gaps, and propose improvements.

- Assess data quality, telemetry coverage, and log source onboarding needs to enhance detection capabilities.

- Collaborate strategically with engineering, SOC, platform, and infrastructure teams.

- Develop metrics, dashboards, and feedback loops supporting continuous detection quality improvement.

- Create runbooks, playbooks, and documentation for detection operations.

- Apply automation, scripting, and version-controlled workflows to streamline detection development and testing.

Required Qualifications

- 5+ years of experience in Information Security Engineering, Threat Detection Engineering, Security Operations, or Incident Response.

- 3+ years specifically focused on writing, tuning, and managing threat detections.

- Demonstrated ownership of a detection lifecycle or detection engineering program (requirements, design, implementation, tuning, decommissioning).

- Proven success operating in large-scale or complex environments , such as multi-cloud, multi-tenant, or global enterprises.

- Equivalent experience from work, consulting, training, military service, or education is welcome.

Technical Skills

- Detection Engineering SIEM (Splunk) Advanced SPL expertise (searches, macros, data models, scheduled searches, alerting)

- EDR/XDR (CrowdStrike Falcon) Custom IOA rule authoring, tuning, and exclusion logic

- Microsoft Security Defender for Endpoint Defender for Cloud Apps Microsoft Sentinel / M365 Defender Strong KQL proficiency

- Cloud Platforms Azure: Log Analytics, Azure AD, Defender for Cloud, activity logs Google Cloud Platform: Cloud Logging, Security Command Center, IAM, network telemetry

- Ability to convert attacker TTPs into actionable detection logic across multiple ecosystems

Threat & Attack Expertise

- Deep familiarity with MITRE ATT&CK (Enterprise Matrix)

- Understanding of adversary behaviors, including: Phishing Ransomware Lateral movement Privilege escalation Data exfiltration Cloud account compromise Identity abuse

- Experience conducting detection gap analysis based on emerging threats

- Knowledge of threat intelligence sources and operationalizing intel into detection content

Detection Fidelity & Quality

- Experience measuring and improving detection precision, recall, and signal-to-noise ratio

- Ability to plan and execute detection testing: Simulations Red team findings Adversary emulation tools

- Familiarity with testing frameworks such as: Atomic Red Team Caldera Commercial breach & attack simulation tools

- Experience building metrics, dashboards, and SOC collaboration loops Creation and maintenance of runbooks/playbooks tied to detection alerts

Data Engineering & Telemetry

- Understanding of: Windows events, Sysmon Linux logs Network telemetry (NetFlow, firewall, DNS/proxy) Cloud-native logs for Azure, Google Cloud Platform, and AWS Identity and access logs (Azure AD, Okta, on-prem AD)

- Ability to evaluate log quality, coverage, and data onboarding requirements

- Experience working with engineering and platform teams to enable new log sources

Engineering & Automation

- Proficiency in scripting languages such as Python or PowerShell to support automation, testing, and enrichment

- Experience using Git for version control (branching, PRs, reviews)

- Familiarity with SDLC-style processes for detection content

- Knowledge of infrastructure-as-code or configuration-as-code concepts (preferred)

Additional Information

More detailed requirements will be provided as needed.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the OpenKyber, Inc. and its affiliates (collectively \"OpenKyber\") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with OpenKyber's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from OpenKyber and HELP for help.

Contact: This job and many more are available through OpenKyber. Please apply with us today!

For applications and inquiries, contact: [email protected]

","url":"https://www.talent.com/view?id=615040596350478287","occupationalCategory":"15-1299.04